
CAP - Certified Authorization Professional

An In-Demand Position for the In-Control Individual

The Certified Authorization Professional (CAP) certification is an objective measure of the knowledge, skills and abilities required for personnel involved in the process of authorizing and maintaining information systems. Specifically, this credential applies to those responsible for formalizing processes used to assess risk and establish security requirements and documentation. Their decisions will ensure that information systems possess security commensurate with the level of exposure to potential risk, as well as damage to assets or individuals.

The CAP credential is appropriate for commercial markets, civilian and local governments, and the U.S. Federal government including the State Department and the Department of Defense (DoD). See CAP and DoD 8570. It applies to job functions such as authorization officials, system owners, information owners, information system security officers, and certifiers, as well as all senior system managers.

The ideal candidate should have experience, skills or knowledge in:

  • IT security
  • Information assurance
  • Information risk management
  • Certification
  • Systems administration
  • 1-2 years of general technical experience
  • 2 years of general systems experience
  • 1-2 years of database/systems development/network experience
  • Information security policy
  • Technical or auditing experience within government, the U.S. Department of Defense, the financial or health care industries, and/or auditing firms
  • Strong familiarity with NIST documentation

The CAP examination tests the breadth and depth of a candidate’s knowledge by focusing on the 7 domains of the CAP CBK:

  1. Risk Management Framework (RMF)
  2. Categorization of Information Systems
  3. Selection of Security Controls
  4. Security Control Implementation
  5. Security Control Assessment
  6. Information System Authorization
  7. Monitoring of Security Controls

CAP Exam Information

Length of exam: 3 hours
Number of questions: 125
Question format: Multiple choice questions
Passing grade: 700 out of 1000 points
Exam Language: English
Testing center: Pearson Vue Testing Center
Exam pricing: Exam pricing (PDF)
Study tools:

  • Official (ISC)² Guide to the CAP CBK Textbook
  • Official (ISC)² training seminar
  • Interactive Flashcards
  • Practice test app
  • Exam outline


For more information on the CAP certification, download the CAP Brochure.  

All (ISC)² certifications, except CCSP, CCFP and HCISPP, are accredited by the American National Standards Institute (ANSI) to be in compliance with the International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) 17024 Standards.  
